Starting the Revolution

2011 ◽  
pp. 148-167
Author(s):  
Peter White
Keyword(s):  
Information Security ◽  
Identity Management ◽  
Personal Data ◽  
Security Controls ◽  
Management Architecture ◽  
The Revolution

The chapter argues that an enterprise should develop its own Identity Management Architecture (IdMA) before attempting any Identity Management implementation. It begins with a discussion of the development of the Reference IdMA. It also discusses the issues of how to incorporate existing enterprise workflows and processes and other specific needs of an enterprise into an IdMA. It proposes the incorporation of existing information security controls into the IdMA by the use of chokepoints to monitor identified security hotspots. The issues surrounding the privacy of personal data as well as the protection of corporate data and assets are discussed and it is shown how these issues may be addressed and included in the Reference IdMA. Finally, there is a discussion of how to include federation with other enterprises as part of the enterprise’s IdMA.

A security study in Portuguese Public Hospitals - GDPR perspective (Preprint)

2020 ◽  
Author(s):  
Cátia Santos-Pereira
Keyword(s):  
Information Systems ◽  
Identity Management ◽  
Personal Data ◽  
Public Hospitals ◽  
Hospital Environment ◽  
Security Measures ◽  
Eu Member States ◽  
Security Issues ◽  
Management Processes ◽  
Authentication Security

BACKGROUND GDPR was scheduled to be formally adopted in 2016 with EU member states being given two years to implement it (May 2018). Given the sensitive nature of the personal data that healthcare organization process on a 24/7 basis, it is critical that the protection of that data in a hospital environment is given the high priority that data protection legislation (GDPR) requires. OBJECTIVE This study addresses the state of Public Portuguese hospitals regarding GDPR compliance in the moment of GDPR preparation period (2016-2018) before the enforcement in 25 May 2018, and what activities have started since then. The study focuses in three GDPR articles namely 5, 25 and 32, concerning authentication security, identity management processes and audit trail themes. METHODS The study was conducted between 2017 and 2019 in five Portuguese Public Hospitals (each different in complexity). In each hospital, six categories of information systems critical to health institutions were included in the study, trying to cover the main health information systems available and common to hospitals (ADT, EPR, PMS, RIS, LIS and DSS). It was conducted interviews in two phases (before and after GDPR enforcement) with the objective to identify the maturity of information systems of each hospital regarding authentication security, identity management processes and traceability and efforts in progress to avoid security issues. RESULTS A total of 5 hospitals were included in this study and the results of this study highlight the hospitals privacy maturity, in general, the hospitals studied where very far from complying with the security measures selected (before May 2018). Session account lock and password history policy were the poorest issues, and, on the other hand, store encrypted passwords was the best issue. With the enforcement of GDPR these hospitals started a set of initiatives to fill this gap, this is made specifically for means of making the whole process as transparent and trustworthy as possible and trying to avoid the huge fines. CONCLUSIONS We are still very far from having GDPR compliant systems and Institutions efforts are being done. The first step to align an organization with GDPR should be an initial audit of all system. This work collaborates with the initial security audit of the hospitals that belong to this study.

scholarly journals Improving Forensic Triage Efficiency through Cyber Threat Intelligence

2019 ◽  
Vol 11 (7) ◽  
pp. 162 ◽  
Author(s):  
Nikolaos Serketzis ◽  
Vasilios Katos ◽  
Christos Ilioudis ◽  
Dimitrios Baltatzis ◽  
Georgios Pangalos
Keyword(s):  
Information Security ◽  
Digital Forensics ◽  
Incident Response ◽  
Security Controls ◽  
Digital Forensic ◽  
Threat Intelligence ◽  
Cyber Threat ◽  
Series Of Experiments ◽  
Cyber Threat Intelligence ◽  
Security Incidents

The complication of information technology and the proliferation of heterogeneous security devices that produce increased volumes of data coupled with the ever-changing threat landscape challenges have an adverse impact on the efficiency of information security controls and digital forensics, as well as incident response approaches. Cyber Threat Intelligence (CTI)and forensic preparedness are the two parts of the so-called managed security services that defendants can employ to repel, mitigate or investigate security incidents. Despite their success, there is no known effort that has combined these two approaches to enhance Digital Forensic Readiness (DFR) and thus decrease the time and cost of incident response and investigation. This paper builds upon and extends a DFR model that utilises actionable CTI to improve the maturity levels of DFR. The effectiveness and applicability of this model are evaluated through a series of experiments that employ malware-related network data simulating real-world attack scenarios. To this extent, the model manages to identify the root causes of information security incidents with high accuracy (90.73%), precision (96.17%) and recall (93.61%), while managing to decrease significantly the volume of data digital forensic investigators need to examine. The contribution of this paper is twofold. First, it indicates that CTI can be employed by digital forensics processes. Second, it demonstrates and evaluates an efficient mechanism that enhances operational DFR.

Emerging Markets and Digital Economy

2012 ◽  
Vol 3 (2) ◽  
pp. 57-69 ◽  
Author(s):  
Ali M. Al-Khouri
Keyword(s):  
Information Security ◽  
Emerging Markets ◽  
Paradigm Shift ◽  
Identity Management ◽  
Digital Economy ◽  
Security Threats ◽  
Government Sector ◽  
The Government

This article provides an overview of the literature surrounding emerging markets and the global paradigm shift taking place towards the development of digital economies. It provides a review of recent practices in the government sector. The article promotes the concept of developing a government based identity management infrastructure to support the progress en route for building the digital economy. In light of increasing information security threats in today’s interconnected world, the article emphasizes that only through identification and authentication capabilities, emerging markets can maintain sustainability.

Sign in / Sign up

Export Citation Format

Share Document